Wireless Notes
Learn WEP with RC4 encryption working, 24-bit IV weakness, cracking methods aircrack, why WEP is completely broken in minutes, and why you should never use WEP explained for engineering students.
Understanding WEP encryption, its design intentions, the critical vulnerabilities that made it completely insecure, and the lessons its failure taught the wireless security community.
WEP Design and Intentions
Original Goals
When WiFi was first deployed in the late 1990s, the standards committee recognized that radio signals travel beyond physical walls. They designed WEP to provide:
- Confidentiality — Prevent eavesdropping on wireless traffic
- Access Control — Only users with the correct key can join the network
- Data Integrity — Detect if packets have been tampered with
These are reasonable security goals. The problem was not what WEP tried to do, but how it implemented these goals.
WEP Encryption Mechanism
WEP uses the RC4 stream cipher, which was widely used and considered secure at the time. The encryption process works as follows:
- Key Setup — A shared secret key (40-bit or 104-bit) is configured on all devices
- IV Generation — A 24-bit Initialization Vector (IV) is generated for each packet
- Seed Creation — The IV is prepended to the secret key, creating a per-packet seed (IV + Key)
- RC4 Keystream — RC4 generates a pseudo-random keystream from this seed
- XOR Encryption — The plaintext is XORed with the keystream to produce ciphertext
- Packet Transmission — The IV is sent in cleartext alongside the ciphertext (receiver needs it to decrypt)
Integrity Check (ICV)
For data integrity, WEP appends a 32-bit CRC (called the Integrity Check Value or ICV) to the plaintext before encryption. The receiver decrypts the packet and verifies the CRC matches. If it does not, the packet is discarded.
WEP Vulnerabilities — A Complete Breakdown
Vulnerability 1: Tiny IV Space (The Fatal Flaw)
The 24-bit IV provides only 2²⁴ = 16,777,216 possible values. On a busy network generating 1000 packets per second, all IV values are exhausted in approximately 4.6 hours. When an IV repeats, two packets are encrypted with the identical keystream — and XORing these two ciphertexts together cancels out the keystream, revealing the XOR of the two plaintexts. With known plaintext (like ARP packets with predictable content), the actual keystream can be recovered.
In simple terms: The "randomness" runs out too quickly, and once it repeats, the encryption effectively disappears.
Vulnerability 2: Related Key Weakness in RC4
This is the vulnerability that actually killed WEP. Researchers Fluhrer, Mantin, and Shamir (FMS attack, 2001) discovered that certain "weak" IV values cause the first bytes of the RC4 keystream to correlate with the secret key. Since the IV is transmitted in cleartext, an attacker can identify weak IVs, collect the corresponding first keystream bytes, and statistically recover the secret key.
The attack requires approximately 40,000-85,000 packets with weak IVs to recover a 104-bit key. On a typical network, this takes 5-30 minutes of passive sniffing.
Vulnerability 3: No Key Management
WEP has no mechanism for key rotation or distribution. The same key is manually configured on every device and never changes unless an administrator physically reconfigures all devices. This means:
- If one device is compromised, the entire network is compromised
- If an employee leaves, the key should change — but changing it on 200 devices is impractical
- In practice, WEP keys never change, giving attackers unlimited time to crack them
Vulnerability 4: CRC is Not a MAC
WEP uses CRC-32 for integrity, but CRC is designed to detect random errors (like bit flips from noise), not deliberate manipulation. CRC is linear — meaning an attacker can flip specific bits in the ciphertext, calculate exactly how the CRC changes, and modify the CRC to match. This enables bit-flipping attacks where an attacker can modify encrypted packets without decrypting them.
A proper Message Authentication Code (MAC) like HMAC-SHA256 would prevent this, but WEP's designers chose CRC for computational efficiency.
Vulnerability 5: No Replay Protection
WEP has no sequence numbering or replay detection. An attacker can capture a valid encrypted packet and retransmit it indefinitely. This is exploited in the chopping attack and various active attacks against WEP.
Attack Timeline
| Year | Attack | Packets Needed | Time Required |
|---|---|---|---|
| 2001 | FMS (Fluhrer-Mantin-Shamir) | 4-6 million | Hours |
| 2004 | KoreK (improved FMS) | 500,000-700,000 | 15-30 minutes |
| 2005 | Fragmentation attack | 1 data packet | Seconds (for keystream) |
| 2007 | PTW (Pyshkin-Tews-Weinmann) | 40,000-85,000 | < 60 seconds |
| 2007 | Aircrack-ng toolset | 40,000+ | Automated, minutes |
By 2007, breaking WEP was reduced to running a single command in the aircrack-ng suite. It became a standard exercise in cybersecurity courses worldwide.
WEP vs WPA/WPA2 Security Comparison
| Security Feature | WEP | WPA (TKIP) | WPA2 (AES-CCMP) |
|---|---|---|---|
| Cipher | RC4 | RC4 (with fixes) | AES-128 |
| Key length | 40/104-bit | 128-bit | 128-bit |
| IV size | 24-bit | 48-bit (sequence counter) | 48-bit (packet number) |
| Key derivation | None (IV ∥ Key) | Per-packet key mixing | Per-packet unique key |
| Integrity | CRC-32 | Michael (64-bit MIC) | AES-CCMP (128-bit) |
| Replay protection | None | Sequence counter | Strict replay detection |
| Key management | Manual only | 4-way handshake | 4-way handshake |
| Crack time | < 1 minute | Hours (theoretical) | Infeasible (brute-force) |
Lessons Learned from WEP's Failure
For Cryptographic Engineers
- Never design your own crypto — WEP's creators were wireless engineers, not cryptographers. They misapplied RC4 in ways that introduced fatal weaknesses.
- IVs must be large and non-repeating — 24 bits was catastrophically insufficient. Modern protocols use 48-bit or larger counters that never repeat within a key's lifetime.
- Use authenticated encryption — CRC is not a MAC. Integrity checking must be cryptographically bound to the encryption key to prevent forgery.
- Key management is part of security — A system with no key rotation, no per-user keys, and no distribution mechanism is inherently insecure regardless of cipher strength.
- Assume active attackers — WEP assumed passive eavesdropping only. Real attackers inject packets, replay traffic, and manipulate the protocol.
For Network Administrators
If you still encounter WEP in the wild (some legacy industrial equipment still uses it), treat it as equivalent to having no encryption at all. Any device using WEP should be isolated on its own VLAN with firewall rules treating it as untrusted.
Current Status and Legacy
WEP was officially deprecated by IEEE in 2004 when 802.11i (WPA2) was ratified. WiFi Alliance stopped certifying WEP-only devices in 2003. However, some devices still support WEP for backward compatibility:
- Legacy industrial control systems
- Older wireless barcode scanners
- Some gaming consoles (Nintendo DS)
- Ancient printers with WiFi
Modern operating systems (Windows 10+, macOS Catalina+, iOS 14+) actively warn users or refuse to connect to WEP networks, marking them as "Weak Security."
Key Takeaways
- WEP was the first WiFi encryption standard (1997) designed to provide wired-equivalent privacy — it failed catastrophically at this goal
- The 24-bit IV space was far too small, causing keystream reuse within hours on busy networks
- RC4 weak key vulnerability (FMS attack) allows key recovery from passively collected packets in under 60 seconds with modern tools
- CRC-32 provides no cryptographic integrity — attackers can modify encrypted packets without detection
- No key management, no replay protection, and no per-user keys made WEP fundamentally broken at the protocol level
- WEP is crackable by anyone with a laptop and free software — it provides zero real security
- The failure of WEP directly led to the development of WPA, WPA2, and WPA3, each addressing specific WEP weaknesses with proper cryptographic design
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for WEP Wired Equivalent Privacy Why it Failed.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Wireless Communications topic.
Search Terms
wireless-communications, wireless communications, wireless, communications, security, wep, wep wired equivalent privacy why it failed
Related Wireless Communications Topics